Tag: open directory server

An OS X Open Directory account which is set to be a mobile account will cache its password locally in the event the computer cannot communicate with the Open Directory server. You can reset this locally cached password by doing the following:

Note: The following instructions work for local accounts AND mobile Open Directory accounts which have locally cached passwords.

If you do this for an account that has its home directory encrypted with FileVault, then you’ll still be prompted to enter the old account password since that is what the encrypted FileVault file is using. After entering the old FileVault password, the password on the encrypted archive will be updated to the new account password so they are in sync.

If you do this on a mobile Open Directory account, the account password on the computer will be out of sync with the one stored on the Open Directory server, and the computer won’t authenticate that user account against the Open Directory server. To fix this, you need to delete the locally cached password for the user account on the computer. First make sure the computer is connected to the network in such a way that it can connect to the Open Directory server. Then issue the following command on the computer on which you reset the account password:

    dscl . -delete /Users/userName

NOTE: If the user account is using FileVault, then this will break that feature. When you log into the account after doing the “dscl -delete” command, the FileVault archive containing the user’s home folder contents will not mount. You can still manually mount the encrypted archive which is in their home folder.
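
The delete step above applies only to mobile accounts: `dscl . -delete /Users/userName` removes the whole local user record, so on a local-only account it removes the account itself. The following pre-flight check is an added example, not part of the original post. It assumes a cached mobile account shows a `LocalCachedUser` entry in `AuthenticationAuthority` and that a FileVault home shows a `.sparsebundle` or `.sparseimage` path in `HomeDirectory`; the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check to run before
# `dscl . -delete /Users/<name>`. The attribute patterns are assumptions.

# Reads the output of
#   dscl . -read /Users/<name> AuthenticationAuthority HomeDirectory
# on stdin and prints "<mobile|local> <filevault|plain>".
classify_record() {
    record=$(cat)
    kind=local
    home=plain
    # Assumption: a cached mobile account carries a LocalCachedUser authority.
    case "$record" in *";LocalCachedUser;"*) kind=mobile ;; esac
    # Assumption: a FileVault home points at an encrypted disk image.
    case "$record" in *.sparsebundle*|*.sparseimage*) home=filevault ;; esac
    printf '%s %s\n' "$kind" "$home"
}

# Prints a verdict; returns 0 only when deleting the local record is reasonable.
preflight() {
    verdict=$(classify_record)
    case "$verdict" in
        local*)
            echo "STOP: local-only account; deleting the record deletes the account"
            return 1 ;;
        "mobile filevault")
            echo "OK: mobile account; FileVault home setting must be re-added afterwards" ;;
        *)
            echo "OK: mobile account; cached record can be deleted" ;;
    esac
}

# Constructed sample records (server, user names and GUID are placeholders).
SAMPLE_MOBILE_FV='AuthenticationAuthority: ;LocalCachedUser;/LDAPv3/od.example.com:jdoe:00000000-0000-0000-0000-000000000000
HomeDirectory: <home_dir><url>file://localhost/Users/jdoe/jdoe.sparsebundle</url></home_dir>'
SAMPLE_MOBILE='AuthenticationAuthority: ;LocalCachedUser;/LDAPv3/od.example.com:asmith:00000000-0000-0000-0000-000000000000'
SAMPLE_LOCAL='AuthenticationAuthority: ;ShadowHash;'

if command -v dscl >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    # On a Mac: check the real record for the user name given as $1.
    dscl . -read "/Users/$1" AuthenticationAuthority HomeDirectory | preflight || true
else
    # Elsewhere: run the check over the constructed samples.
    for s in "$SAMPLE_MOBILE_FV" "$SAMPLE_MOBILE" "$SAMPLE_LOCAL"; do
        printf '%s\n' "$s" | preflight || true
    done
fi
```
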

To fix this problem in Leopard, you need to re-add the user account setting that tells OS X to use a FileVault encrypted archive as the user’s home folder. Run the following Terminal command: